Israel reckons it was Hamas

Security researchers have unpicked mobile apps and spyware that infected the mobile devices of Israeli military personnel in a targeted campaign which the state has claimed Hamas was behind.

Earlier this week, Israeli military security officials revealed that hackers whom they claim were Hamas-affiliated* had installed spyware on Israeli soldiers' smartphones.

The officials didn't say how it was determined that the Gaza ruling party was behind the malware lure.

About 100 individuals fell victim to the attack that came in the form a malicious World Cup score tracking app and two fake online dating apps. The snoopy mobile code had been uploaded to the official Google Play Store.

The bogus apps have reportedly been removed from the Google Play Store. Google has yet to respond to a request from El Reg to discuss the incident.

“Golden Cup,” the bogus World Cup app, actually bundled functionality to provide live scores as well as full spectrum snooping.

Israeli military officers told Reuters that “Hamas operatives, using false identities, contacted soldiers on social media and encouraged them to download the apps”.

Scores of soldiers were duped – a number the military said was "under 100". All had since either self-reported the issue or been given a tap on the shoulder – victims of the infection were tracked down by security analysts in the US military. “We know of no damage that was done,” one of the Israeli military officers said.

How bad was it?

Once the apps were installed onto the victims’ phones, the spyware was then able to carry out a number of malicious activities including, but far from limited to, recording a user’s phone calls. The software nasty was also capable of stealing a user’s contacts, SMS messages, images and videos stored on the mobile device alongside information on where they were taken.

Other exploits – including taking a picture when the user receives a call and capturing the user’s GPS location – were also on the menu once a user installed the mobile spyware. The malicious software was also capable of taking recordings of the user’s surroundings.

“This attack involved the malware bypassing Google Play’s protections and serves as a good example of how attackers hide within legitimate apps which relate to major popular events and take advantage of them to attract potential victims,” according to security researchers at Check Point, the Israeli software security firm.

The mobiles of dozens of soldiers were compromised by malicious code posing as dating apps after hackers posed as attractive young women in a similar incident back in January last year. ®

Botnote

*Standard disclaimers about the difficulties of attribution in cyberspace apply. The attack in play made use of clever social engineering attacks, a hallmark of malware from the Middle East in general.

The IDF regards Hamas as a proxy for Iran, its principal enemy both on the ground and in cyberspace.